# Configuration files

`solforge` is configurable via a TOML file at the project root. The file is named `.solforge.toml` and is auto-discovered: the binary walks up from the current directory until it finds one or reaches the filesystem root. The resolution order is documented at the foot of this chapter.

## Top-level keys

```toml
[project]
name = "my-program"
default_network = "devnet"

[security]
fail_at = "high"
disabled_rules = ["info-only-rule"]

[fuzz]
default_iterations = 1000
seed = 0xC0DE
parallel = 4

[rpc]
devnet  = "https://api.devnet.solana.com"
mainnet = "https://api.mainnet-beta.solana.com"
```

Each section is independently optional. A `.solforge.toml` containing only a `[project]` block is valid; the framework will fall back to the defaults documented below for every absent key.

## `[project]`

| key               | type                      | default                | meaning                                              |
| ----------------- | ------------------------- | ---------------------- | ---------------------------------------------------- |
| `name`            | string                    | derived from directory | a short identifier used in report headers            |
| `default_network` | `"devnet"` \| `"mainnet"` | `"devnet"`             | the network used when a command does not specify one |

`default_network` does not affect commands that take an explicit network argument. It is consulted only when the argument is absent.

## `[security]`

| key              | type                                                          | default  | meaning                                                |
| ---------------- | ------------------------------------------------------------- | -------- | ------------------------------------------------------ |
| `fail_at`        | `"critical"` \| `"high"` \| `"medium"` \| `"low"` \| `"info"` | `"high"` | the lowest severity that causes a non-zero exit        |
| `disabled_rules` | array of strings                                              | `[]`     | rule IDs that should be skipped without being reported |

A rule listed in `disabled_rules` does not appear in the rendered report. This is the recommended way to acknowledge a rule as out of scope for a given project; using `--severity` flags at invocation time is supported but discouraged for repeatability.

## `[fuzz]`

| key                  | type    | default | meaning                                                  |
| -------------------- | ------- | ------- | -------------------------------------------------------- |
| `default_iterations` | integer | `1000`  | iterations per instruction when `--iterations` is absent |
| `seed`               | integer | absent  | fix the PRNG seed for reproducibility                    |
| `parallel`           | integer | `1`     | number of instructions to fuzz concurrently              |

When `seed` is absent the fuzz engine draws a fresh seed from the operating system. This is the default because the most useful fuzz runs are the ones that surprise the developer; pinning a seed is appropriate for reproductions, not for ongoing testing.

## `[rpc]`

| key       | type | default                               | meaning                    |
| --------- | ---- | ------------------------------------- | -------------------------- |
| `devnet`  | URL  | `https://api.devnet.solana.com`       | RPC endpoint for `devnet`  |
| `mainnet` | URL  | `https://api.mainnet-beta.solana.com` | RPC endpoint for `mainnet` |

For programs of any size, the public mainnet endpoint will rate-limit `getProgramAccounts`. A paid endpoint (Helius, QuickNode, Triton) is strongly recommended for mainnet forks and for any CI workflow that re-forks on each run.

## Discovery and resolution order

The active configuration is the first file found in this sequence:

1. the path given to `--config`
2. `.solforge.toml` in the current directory or any ancestor
3. `~/.config/solforge/config.toml`

If none of the above exists, the framework runs entirely on defaults. A run with no configuration is supported and is the right starting point for evaluating the tool; the explicit configuration grows with the project.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://solanatestforge.gitbook.io/solanatestforge-docs/part-ii-reference/configuration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.